Typo squatting, dependency confusion, and brandjacking detection
Abstract
A software build environment is scanned for one or more potentially malicious code paths. In response to scanning the software build environment for the one or more potentially malicious code paths, one or more potentially malicious code paths are identified. The identified one or more potentially malicious code paths comprise at least one of: a typo squat code path, a dependency confusion code path, and a brandjack code path. In response to identifying the one or more potentially malicious code paths, a microprocessor does at least one of: generate a notification identifying the one or more potentially malicious code paths, automatically change and/or remove the one or more potentially malicious code paths, and deny the start of a build process.
Claims
What is claimed is:
1. A system, comprising:
a microprocessor; and
a computer readable medium, coupled with the microprocessor and comprising microprocessor readable and executable instructions that, when executed by the microprocessor, cause the microprocessor to:
scan a software build environment for one or more potentially malicious code paths;
in response to scanning the software build environment for the one or more potentially malicious code paths, identify the one or more potentially malicious code paths,
wherein at least one of the one or more potentially malicious code paths is identified as being malicious based on comparing a hash of the at least one of the one or more potentially malicious code paths with a known hash of a legitimate version of a code path for the at least one of the one or more potentially malicious code paths, and
wherein the identified one or more potentially malicious code paths comprise at least one of: a typo squat code path, a dependency confusion code path, and a brandjack code path; and
in response to identifying the one or more potentially malicious code paths, the microprocessor
denies the start of a build process.
2. The system of claim 1, wherein the microprocessor readable and executable instructions further cause the microprocessor to:
in response to scanning the software build environment for the one or more potentially malicious code paths:
identify one or more software components associated with the one or more potentially malicious code paths; and
compare hashes for the one or more software components to known hashes of legitimate versions of the one or more software components to validate whether the one or more software components are valid.
3. The system of claim 1, wherein identifying the one or more potentially malicious code paths comprises the typo squat code path.
4. The system of claim 3, wherein the typo squat code path is identified based on at least one of: keyboard keys next to each other, an extra character, a missing character, switched characters, a hidden character, other special characters, hyphenated strings, a spelling mistake, an alternate spelling, use of alternate character encoding standards, an incorrect domain ending, and a pluralization.
5. The system of claim 1, wherein identifying the one or more potentially malicious code paths comprises the dependency confusion code path.
6. The system of claim 5, wherein the dependency confusion code path is identified based on at least one of: a version indicator, a less than version indicator, a less than or equal to version indicator, a greater than version indicator, a greater than or equal to version indicator, approximately equivalent to version indicator, a compatible with version indicator, and a range of version indicator.
7. The system of claim 1, wherein identifying the one or more potentially malicious code paths comprises the brandjack code path.
8. The system of claim 1, wherein the at least one of the one or more potentially malicious code paths is based on a second level or greater of a dependency tree.
9. The system of claim 1, wherein scan the software build environment for one or more potentially malicious code paths includes scan a plurality of code paths including at least one of code paths to internal software components, code paths to third-party software components and code paths to open-source software components.
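Claims 1 through 9 describe three checks that run before a build is allowed to start: a hash comparison of each code path against a known legitimate version (claims 1 and 2), a typo squat check driven by the character-level heuristics listed in claim 4, and a dependency confusion check driven by the version indicators listed in claim 6, applied to direct and transitive dependencies alike (claim 8). The following Python is an added example written for this page, not the patent's own implementation: the public package names, the internal-only package names, the artifact bytes and their hashes, and the simplified keyboard layout are all constructed assumptions. It goes slightly beyond the claim text in that it implements several of the claim 4 heuristics together (adjacent key, extra, missing, switched and hidden characters, separator variants and pluralization) and returns a reason for each finding so the build gate's decision is explainable.

```python
import hashlib
import re
from dataclasses import dataclass

# Constructed reference data (assumptions for this example, not values from the patent).
KNOWN_PUBLIC = {"requests", "numpy", "urllib3", "cryptography", "flask"}   # allowed public names
INTERNAL = {"acme-auth", "acme-billing"}                                     # private-index-only names
LEGIT_REQUESTS = b"requests-2.31.0 wheel bytes (constructed)"
EXPECTED_SHA256 = {                                                          # known legitimate hashes (claim 2)
    "requests": hashlib.sha256(LEGIT_REQUESTS).hexdigest(),
    "numpy": hashlib.sha256(b"numpy-1.26.0 wheel bytes (constructed)").hexdigest(),
}
_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")                # simplified QWERTY (claim 4)


def _neighbors(ch):
    # Keys immediately left and right of `ch` on the same keyboard row.
    row = next((r for r in _ROWS if ch in r), "")
    i = row.find(ch)
    return set(row[max(0, i - 1):i + 2]) - {ch} if row else set()


def _deletion_of(longer, shorter):
    return any(longer[:i] + longer[i + 1:] == shorter for i in range(len(longer)))


def typosquat_reason(name, known=KNOWN_PUBLIC):
    """Claim-4 style check: why `name` is a near-miss of a known package, or None."""
    n = name.lower()
    if n in known:
        return None
    if any(ord(c) > 127 for c in n) or not re.fullmatch(r"[a-z0-9._-]+", n):
        return "hidden, special or non-ASCII character in name"
    norm = re.sub(r"[-_.]", "", n)              # separators are not significant
    for k in sorted(known):
        knorm = re.sub(r"[-_.]", "", k)
        if norm == knorm:
            return f"separator/hyphenation variant of {k}"
        if norm == knorm + "s" or norm + "s" == knorm:
            return f"pluralization of {k}"
        if len(norm) == len(knorm):
            diff = [i for i in range(len(norm)) if norm[i] != knorm[i]]
            if len(diff) == 1 and norm[diff[0]] in _neighbors(knorm[diff[0]]):
                return f"adjacent-key substitution of {k}"
            if (len(diff) == 2 and diff[1] == diff[0] + 1
                    and norm[diff[0]] == knorm[diff[1]] and norm[diff[1]] == knorm[diff[0]]):
                return f"switched characters of {k}"
        if len(norm) == len(knorm) + 1 and _deletion_of(norm, knorm):
            return f"extra character vs {k}"
        if len(knorm) == len(norm) + 1 and _deletion_of(knorm, norm):
            return f"missing character vs {k}"
    return None


def confusion_reason(name, specifier):
    """Claim-6 style check: an internal-only name with anything but an exact pin
    (>=, >, <, <=, ~=, ^, a range, or no indicator) could resolve to a public index."""
    if name.lower() not in INTERNAL:
        return None
    spec = specifier.strip()
    return None if spec.startswith("==") else f"internal package with non-exact version indicator {spec or '(none)'!r}"


def hash_reason(name, artifact):
    """Claim-2 style check: fetched artifact bytes against the known legitimate hash."""
    expected = EXPECTED_SHA256.get(name.lower())
    if expected is None or not artifact or hashlib.sha256(artifact).hexdigest() == expected:
        return None
    return "artifact hash differs from the known legitimate version"


@dataclass
class Dependency:
    name: str
    specifier: str = ""                 # e.g. "==2.31.0", ">=1.0", "~=1.4" or "" (any version)
    depth: int = 1                      # 1 = direct; 2 or more = transitive (claim 8)
    artifact: bytes = b""               # resolved artifact bytes, if already fetched


@dataclass
class Finding:
    name: str
    kind: str                           # typosquat | dependency_confusion | hash_mismatch
    reason: str
    depth: int


def scan(deps):
    """Run all three checks over every code path, direct and transitive."""
    checks = (("typosquat", lambda d: typosquat_reason(d.name)),
              ("dependency_confusion", lambda d: confusion_reason(d.name, d.specifier)),
              ("hash_mismatch", lambda d: hash_reason(d.name, d.artifact)))
    return [Finding(d.name, kind, reason, d.depth)
            for d in deps for kind, check in checks if (reason := check(d))]


def gate_build(deps):
    """Claim-1 response: the build may start only if nothing was flagged."""
    findings = scan(deps)
    return (not findings), findings


# Constructed sample build: a clean pin, two typosquats (one transitive), one
# dependency-confusion candidate, a pinned internal package and a tampered artifact.
SAMPLE_BUILD = [
    Dependency("requests", "==2.31.0", 1, LEGIT_REQUESTS),
    Dependency("reqyests"),
    Dependency("urlib3", ">=1.26", 2),
    Dependency("acme-auth", ">=1.0"),
    Dependency("acme-billing", "==2.4.1"),
    Dependency("numpy", "==1.26.0", 2, b"tampered wheel bytes (constructed)"),
]
ALLOWED, FINDINGS = gate_build(SAMPLE_BUILD)    # ALLOWED is False: four findings, build denied
```

The gate is deliberately strict in the claim 1 sense: any single finding denies the build, and the depth field shows that the transitive typosquat and the tampered transitive artifact are caught just as a direct dependency would be. A real deployment would replace the constructed sets with the organisation's allow-list of public packages, the names published on its private index, and a lockfile or registry of known artifact hashes.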
10. A method, comprising:
scanning, by a microprocessor, a software build environment for one or more potentially malicious code paths;
in response to scanning the software build environment for the one or more potentially malicious code paths, identifying, by the microprocessor, the one or more potentially malicious code paths,
wherein at least one of the one or more potentially malicious code paths is identified as being malicious based on comparing a hash of the at least one of the one or more potentially malicious code paths with a known hash of a legitimate version of a code path for the at least one of the one or more potentially malicious code paths, and
wherein the identified one or more potentially malicious code paths comprise at least one of: a typo squat code path, a dependency confusion code path, and a brandjack code path; and
in response to identifying the one or more potentially malicious code paths,
denying, by the microprocessor, the start of a build process.
11. The method of claim 10, further comprising:
in response to scanning the software build environment for the one or more potentially malicious code paths:
identifying one or more software components associated with the one or more potentially malicious code paths; and
comparing hashes for the one or more software components to known hashes of legitimate versions of the one or more software components to validate whether the one or more software components are valid.
12. The method of claim 10, wherein identifying the one or more potentially malicious code paths comprises the typo squat code path.
13. The method of claim 12, wherein the typo squat code path is identified based on at least one of: keyboard keys next to each other, an extra character, a missing character, switched characters, a hidden character, other special characters, hyphenated strings, a spelling mistake, an alternate spelling, use of alternate character encoding standards, an incorrect domain ending, and a pluralization.
14. The method of claim 10, wherein identifying the one or more potentially malicious code paths comprises the dependency confusion code path.
15. The method of claim 14, wherein the dependency confusion code path is identified based on at least one of: a version indicator, a less than version indicator, a less than or equal to version indicator, a greater than version indicator, a greater than or equal to version indicator, approximately equivalent to version indicator, a compatible with version indicator, and a range of version indicator.
16. The method of claim 10, wherein identifying the one or more potentially malicious code paths comprises the brandjack code path.
17. The method of claim 10, wherein the at least one of the one or more potentially malicious code paths is based on a second level or greater of a dependency tree.
18. The method of claim 9, scanning, by the microprocessor, the software build environment for one or more potentially malicious code paths includes scanning, by the microprocessor, a plurality of code paths including at least one of code paths to internal software components, code paths to third-party software components and code paths to open-source software components.
19. A non-transient computer readable medium having stored thereon instructions that cause a processor to execute a method, the method comprising:
instructions to:
scan a software build environment for one or more potentially malicious code paths;
in response to scanning the software build environment for the one or more potentially malicious code paths, identify the one or more potentially malicious code paths,
wherein at least one of the one or more potentially malicious code paths is identified as being malicious based on comparing a hash of the at least one of the one or more potentially malicious code paths with a known hash of a legitimate version of a code path for the at least one of the one or more potentially malicious code paths, and
wherein the identified one or more potentially malicious code paths comprise at least one of: a typo squat code path, a dependency confusion code path, and a brandjack code path; and
in response to identifying the one or more potentially malicious code paths,
deny the start of a build process.
20. The non-transient computer readable medium of claim 19, wherein scan the software build environment for one or more potentially malicious code paths includes scan a plurality of code paths including at least one of code paths to internal software components, code paths to third-party software components and code paths to open-source software components.
Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.